Google found another critical security flaw in Microsoft Edge

Google’s Project Zero disclosed a software vulnerability in Microsoft’s Edge browser over the weekend. The flaw was first reported privately, but after Microsoft failed to patch the issue in time, Google’s Project Zero team revealed the technical details of the vulnerability along with Microsoft’s response.

Let’s be clear though, this security vulnerability isn’t the kind of thing you need to run out and uninstall Edge over. Chances are you’re using a different browser anyway, but until it’s fixed maybe stick to Chrome or Firefox. The vulnerability itself is a bypass of one of Edge’s built-in security countermeasures, Arbitrary Code Guard (ACG). By sidestepping ACG, Google security researcher Ivan Fratric found a way to load unsigned code into memory from a malicious website accessed via Microsoft Edge.

“The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues. The team is positive that this will be ready to ship on March 13th,” Microsoft replied to Fratric’s disclosure.

However, Microsoft added, the complexity of the fix has made it difficult to nail down a fixed date for release. Microsoft is reportedly aiming for a mid-March release for the patch, but it’s unclear if the company will make that self-imposed deadline.

We’re only hearing about this now because of Google Project Zero’s security vulnerability policy. When Project Zero discovers a vulnerability, the team reaches out privately to the manufacturer of the product — in this case, Microsoft — giving the manufacturer 90 days to get a fix together before they disclose the vulnerability to the public. This particular disclosure is unlikely to make anyone in Microsoft’s Redmond, Washington, headquarters particularly happy.

As Engadget points out, it’s not the first time Google’s exploit-finding team has rubbed Microsoft the wrong way. Google and Microsoft have all but come to blows over these disclosures in the past, with each company taking pains to poke holes in the other’s products in order to promote their own. That doesn’t appear to be the case here, but it is unlikely anyone at Microsoft is going to look favorably upon this security vulnerability being thrust into the spotlight.

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.